Secure image caching

16141
Reporter: mdoering
Type: Improvement
Summary: Secure image caching
Priority: Critical
Status: Open
Created: 2014-07-23 10:48:17.206
Updated: 2014-07-23 10:48:17.206
        
Description: The image cache accepts a url as a GET parameter now and if that URL is not yet cached it caches and resizes it. This opens up the image cache for any user out there to cache and resize their own potentially illegal images of any size.

So far we havent seen any abuse, but the image cache should only allow retrieving of cached images openly and do a secured caching on request. That would we either cache all images upfront (ideal cause its quick) OR let the portal do 2 calls to the image cache. First an authenticated caching request and a second from the user browser that retrieves the cacehd image in the right size]]>